Security Network Interface Controller (SNIC) Preprocessor with Cyber Data Threat Detection and Response Capability that Provides Security Protection for a Network Device with Memory or Client Device with Memory or Telecommunication Device with Memory

ABSTRACT

Data Input Output (I/O) processing interfaces such as the typical Network Interface Controller (NIC) do not prevent a hacker from accessing sensitive device memory data. The existing typical NIC establishes the cyber data handshake with no data security layer or discriminant response to the data traffic content while performing protocol specification IEEE 802.x. The Security Network Interface Controller SNIC embodiment, collocated with the existing the NIC interface circuit location, provides preprocessing/filtering of the incoming message packet data for malware and Hacker threats, to secure the network device memory and prevent serious damage or data loss. The Security Network Interface Controller (SNIC) embodiment method with autonomous response to the hacker ensures that the device memory is never breached, but the hacker will think they have gained access to the targeted device memory while intelligence on the Hacker is reported.

CROSS REFERENCE

Provisional Utility patent application 62/7,863,288 filed on/or about2018 Dec. 29

BACKGROUND OF THE INVENTION

This invention idea is applicable to receiving and responding to networkdata traffic originating from Hacker, defined as any unauthorized userattempting to gain access to client memory data information, damage tointernet devices, or hold internet devices captive through data messagetraffic incoming to a client with memory to receive incoming data inwhich a typical Network Interface Controller (NIC) resides for portingthe data traffic or a telecommunications device in which a RadioFrequency typical wireless virtual NIC (VNIC or WNIC) transceiverresides. Data Network message traffic may be received and transmitted byelectronic interface circuit devices that use Ethernet cable, coax's,wireless RF or other network message I/O protocol IEEE 802.X or anyauthorized user of a Client device with memory that uses a typical NICnetwork cable portal interface(s) or Radio Frequency RF wireless WNICinterface(s) portal to protocol specification IEEE 802.3/X.

Cyber electronic circuit devices with memory use a Network InterfaceController NIC to process client device data flow to and from a cybernetwork and provide buffering and handshaking operations. A NICelectronic circuit device port operates in accordance but may not belimited to IEEE 802.3/11/14 or similar network specification without asecurity layer. It simply handles the protocol message traffic forinput/output data based on the protocol TCP/IP specification format forthe data message throughput. The frame data traffic is moved to theclient device memory via interrupt processing from the NIC or WNIC MACprocessor(s) to the client device processor in which to move the framedata over the client device data bus to the Client device memory withoutregard to message content or from where the sender is located. Theformat of the frame data is described in the IEEE 802.3/X Ethernetspecification.

It is desirable to provide typical NIC a security data layer of apreprocessing embodiment architecture collocated with the typical NICelectronic circuit device by adding a microprocessor with embedded codefor improved frame data handling processes to obtain a data securitynetwork interface controller (SNIC) comprised of an ArtificialIntelligent (AI) sequencer that is synchronized with a discriminatingcomparator circuit and which recognizes frame data threats or malwarecontained within the network message data I/O traffic frame processesand in which the result is to give an autonomous option spoof responseto the Hacker and when a data threat is discovered at the time of SNICcomparator process of threat filter compare process, electronicallyrespond with a deceptive acknowledgement scheme while capturingintelligence on the unaware Hacker and to protect the Client devicememory from threat intrusion or contamination of Hacker data by allowingonly validated data of integrity to move into the Client device memory.Malware is undesirable and brought in through embedded data links or byattachments of executable files or imbedded links within incomingmessage data traffic that make it into the Client device memory. Denialof Service (DOS) attacks are launched to overwhelm network devices withNICs. Malware threats can be circumvented by the SNIC autonomously andall message traffic from the Hacker can be safely contained, quarantinedand stored, to a write only device memory or retrieved off line forforensic analysis. Spoofing and deception of the Hacker is desirable inwhich the Hacker will think they got into the targeted site, butautonomously will be directed to an endless address and time out. Eachinstance of a threat discovery is time stamped, counted and reportedfrom received frame data header of the message data header received andstored in SNIC memory, for reporting the incident to the

Network Operator. If no threat is detected or discovered, the frame datais routed as normal to the Client device memory from the SNIC memorybuffer. Removing the data security defense program applications (such asNorton or Fire-shark) from the Client device program memory to the SNICcircuit device memory defensive custom program location, frees theClient device program memory for other application tasks and ensures bySNIC preprocessing, message data content of the Client device memorydata base remains secure, safe and non-accessible by the cyber Hacker.Current defensive measures do not work against DOS attacks. The SNICdefeats DOS attacks by a three-tier method. These methods are softwarealgorithms that are called for priority of sender ID and destinationroutines, hacker attempt to enter count, and spoofing response to theHacker by the DNIC processor. This tiered method will defeat DOSattacks.

BRIEF SUMMARY OF THE INVENTION

The architecture of the existing typical Network Interface Controller(NIC) design is mature but archaic due to lack of a data securityprocess layer or data checking means in the NIC design for integrity ofthe message sender or content data contained in the serial messageformat. If a threat from a Hacker is sent via the Network to a clientdevice typical NIC interface, the typical NIC is not designed to respondto the Hacker threat autonomously. This SNIC electronic circuitinvention adds design hardware and embedded Artificial Intelligence AIcode to augment the existing NIC architecture to accomplish internetdata traffic content integrity, threat discovery and provide autonomousresponse to the Hacker, which makes them think they were able to get adesired response from the target destination port address, when inreality, intelligence data is gathered and stored and reported about theHacker, and reactive responses are generated by the SNIC embodiment, asdescribed in this disclosure, to deceive the Hacker. Additionally, whenany content of message received is found to be undesirable. undesirablethreat message data is dumped to a SNIC embodiment security memorystorage (SMS) device and threat data is deleted to protect the clientdevice memory when 70% SMS capacity is attained. Distributed Denial ofService DDOS attacks are dealt with by the SNIC embodiment AI softwareusing a priority of IP address list, an authorization list and spoofingtechniques algorithms.

Currently, only a Firewall responds to a threat by blocking the portaccess to the network and the Hacker is denied a response from thedestination client or server desired. If the NIC Card were designed toupload a known safe list of client addresses through ports to a buffermemory, with which the NIC embodiment could compare the list against theHacker sender address and port for validity and integrity, then thetypical NIC embodiment would have the needed method and processes tomake the decision to respond deceptive to the Hacker sender, or redirectall of the senders message packet content data into a secured storagebuffer for isolation and quarantine, or being a valid listed sender withacceptable data content, let the sender message packet data pass throughthe Network Firewall filter to the intended Network client device memoryfor processing and display.

The SNIC invention embodiment satisfies a network security response tothreat or any harmful sender by preprocessing the incoming data messageto determine if the message contains embedded links or attachments, thencategorizing the threat type before routing the dangerous threat data tothe SMS device memory storage and before it is completely validated andauthorized to be sent to the client device memory. A timely comparisonis made of an authorized users acceptable address from an uploaded listof targeted suspected threat addresses by the SNIC embodiment sequencerprocesses. Non-authorized address detected by, the SNIC sequencer codedmodule will return a deceptive ready to receive data acknowledgementheader packet. The Hacker gets the response but loses the handshake toestablish address contact and data transfer processing to the targetcontact over the network.

The SNIC provides a security layer that was originally designated inspecification IEEE 802.3 in 1986 pre-release document but neverimplemented. The interface SNIC embodiment collocated with the NICsecures the network data routed to the targeted Client device memory byproviding, content malware filtering and making output threat reports.The SNIC embodiment invention interface of preprocess filtering ofmessage content data before Client device memory entry architecturemethod, can become a typical network device interface security optionfor a device memory requiring new strong security protection. Areplacement of all existing nonsecure NIC interfaces with the SNICinvention embodiment will provide a means to capture the Hackerinformation and deceive the Hacker while capturing and storing theHacker response header data for intelligence analysis and generate astatus report on Hacker intelligence. All network protocols such as butnot limited to, TCP/IP UDP, are handled by the SNIC processor. Thisdisclosure invention idea does not require the Network firewall to blocka port as is done when a denial of service (DOS) attack occurs. The SNICallows all data traffic, but if it is an undesired IP address, the SNICwill deceive the sender to some dead zone while capturing the sender'sinformation for analysis by the Network or Client device and generate astatus report containing the header information, a time stamp count ofHacker attempts, and type of attack. The DOS response by the SNIC isdetermined autonomously as dependent on IP priority, destination IPpriority, repetition of received IP, count of repetition andauthorization infringement due to malware content.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustrative block diagram of a typical NIC cable interfacenon-secure data protocols or an RF wireless interface circuit used fornon-secure data protocols handling of the type that may be provided withprocesses and methods in accordance with but not limited to an existingembodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 2 is an illustrative block diagram of a SNIC circuit installed witha typical SNIC interface circuit device and a SNIC embodiment circuitfor preprocessing secure message data content in accordance with but notlimited to an existing embodiment and Ethernet protocol specificationsIEEE 802.X.

FIG. 3 is an illustrative block diagram of a SNIC circuit cableinterface of the type that is comprised of a NIC interface and connectedto a SNIC embodiment for preprocessing message content data for malwareand secure data content in accordance with but not limited to anexisting embodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 4 is an illustrative block diagram of a SNIC RF WIFI interfacecircuit device of the type that is comprised of RF data input to a NICtype communications interface and interconnected to a SNIC embodimentfor secure message data preprocessing before being sent to the Clientdevice memory in accordance with but not limited to an existingembodiment and Ethernet protocol specifications IEEE 802.X.

FIG. 5 is an illustrative block diagram of a SNIC Sequencer/Comparatorprocess used to provide the threat processing and decision actions goingon within the security SNIC architecture for threat data processing ornonthreat processing. The input source can be either ethernet cable orRF antenna and the output message data is bussed to a target devicememory. If the SNIC detects undesired message data, then an outputreport is processed. No data is ever sent to the targeted client devicememory when an incoming undesired message content data is discovered.

FIG. 6 is an illustrative block diagram comprising of a SNICSequencer/Comparator Functional View process used to provide the threatprocessing and decision actions going on within the security SNICarchitecture. The input source can be either ethernet cable or RFantenna and the output message data is bussed to a target device memory.If the SNIC detects undesired message data, an output report isgenerated, and no message data is sent to the targeted device memory.The internal architecture components are comprised for decision making,report generation, status indicator intelligence program registers, andspoofing responses from a comparator circuit.

FIG. 7 is an illustrative table diagram of a SNIC Management Registerused to provide message processing management communication to the SNICprocessor controller software for the responses to decision makingprocesses of the sequencer and comparator circuits during the time thedata message and frame data are being processed in accordance with butnot limited to an existing embodiment.

FIG. 8 is an illustrative table diagram of a SNIC Sequencer Threat TypeRegister used to provide message processing data threat typecommunication to the SNIC processor controller and for SNIC software forthe responses to decision making processes of the sequencer andcomparator circuits during the time the data message and frame data arebeing processed in accordance with but not limited to an existingembodiment.

FIG. 9 is an illustrative table diagram of a SNIC Sequencer/ComparatorStatus Register where status of threat processing can be indicated tothe decision making SNIC processor which automates the threat responseand acknowledges handshaking with the threat sender in accordance withbut not limited to an existing embodiment.

FIG. 10 is an illustrative table diagram of a SNIC Interrupt Registerdiagram showing which bit when set, shall enable processing of messagedata to the client memory device or be processed to the SMS forundesired message data content in accordance with but not limited to anexisting embodiment.

FIG. 11 an illustrative block diagram of Equipment for Network Cable orRF Signal Frame Data Processing and Storage and a SNIC interface circuitboard installed as used on a typical computer mother board installationfor processing secure and filtered message data which includes aninternal SNIC embodiment SMS storage location for isolation andquarantine of malware. Equipment comprising of Client device memory, anupload port and output port for message processed status via a cableconnection content in accordance with but not limited to an existingembodiment.

FIG. 12 an illustrative block diagram of a WIFI RF Signal Mobile PhoneFrame Data Processing with SNIC IC Installed used on a typical mobilephone mother board installation for processing serial message data whichincludes an internal SMS storage location, mobile phone device memory,an upload port and output port for message processed status via awireless or an antenna connection in accordance with but not limited toan existing embodiment.

FIG. 13 is an illustrative table diagram of a SNIC Output Status Reportformat. The report is comprised of SNIC register bit states, Time andDate register contents and TCP/IP or UDP frame Header data content inaccordance with but not limited to an existing embodiment.

FIG. 14 is an illustrative table diagram of a SNIC UploadThreat/Priority/Authorization List format. The report is comprised of afour data section list in a 32 bit or 8 bit-byte structure for codereading purposes by the SNIC processor software program and thesequencer/comparator circuit. The three sections are a list of Hacker ID(IP address) and destination IP address, a list of Authorized IPaddresses and destination IP address, a list of Hacker ID (IP address)priority of importance and destination IP address and a list of priorityof importance Authorized IP addresses and destination IP address contentin accordance with but not limited to an existing embodiment.

DETAILED DRAWING DESCRIPTIONS OF THE INVENTION

FIG. 1 100 is an illustrated block diagram view of a typical NIC processdata flow for an existing cable connected typical nonsecure data NICNetwork Interface Circuit 110. The ethernet cable NIC 100 receivesnetwork Manchester coded format data bits serially when addressed 101,reformats the data bits into binary bits 102, stores them in a Frameformat internal NIC memory 103, converts the serial data to parallel orserial binary data 103 to be bused as parallel or serial data bits to aClient Device memory 104. Upon interrupt by the NIC Media AccessController (MAC) 103 when the frame data is ready for transfer to theClient Device memory 104, the message data is sent to the client devicememory 104 for programming display to a Client Device screen 104. TheClient Device 104 responds to the received data message 101 and sends aresponse framed message of parallel or serial binary data bits to theNIC Memory 103 which outputs the binary data as serial data to the NICreformat 102, then converts the serial data bits from binary to networktransmission coded data bits 102 (Manchester Code) and transmits theNetwork Ethernet Data or RF code over an electronic cable or air to thedesired destination address. Successive frames of data bits follow tocreate a package of frames to complete protocol packet of messagecontent and when complete, the NIC 110 returns to idle to poll for amark bit until the next time it is addressed.

FIG. 2 200 is an illustrated block diagram view of a data secure typicalSNIC circuit embodiment installed as is shown in 210 with cable and RFinterface capability. The antenna connected typical RF Transceiver 201and 210 is a view of the NIC process flow electronic circuit interfacewith SNIC preprocessor embodiment 212. The typical RF WIFI convertor 201receives network coded format RF data bits serially when addressed,reformats the analog data bits into binary bits 202, stores them in aFrame format internal NIC memory 203 (see point A 203), converts theserial data to parallel (see point B 204) depending on the Client devicebus 205 where binary data (see point C) will be bused as parallel orserial to a Client device memory 205 (see point D 205). Upon interruptby the NIC Media Access Controller (MAC) 204 and when the frame packetdata is ready for transfer to the Client device memory 205, the framepacket data is sent to the client device memory 205 for programmingdisplay to a Client Device screen 205. The Client Device 205 responds tothe received data message 201 and sends a response framed message ofparallel or serial binary data bits to the NIC Memory 204 which out putsthe binary data as serial data via NIC reformat 204, then converts theserial data bits from binary to RF network transmission coded data bits204 transmits the Network RF data wireless to the desired destinationaddress. Successive frames of data bits follow to create a package offrames to complete protocol packet of message specification 802.14. Whencomplete, the NIC RF Transceiver 201 returns to idle until the next timeit is addressed. The SNIC embodiment 212 preprocesses the data formalware or undesired addresses received to provide security andintegrity of the received or transmitted data message content.

FIG. 3 300 is an illustrated block diagram of a Security NIC (SNIC)Circuit Cable Interface 305 designed of embedded firmware microcode code303, a sequencer and comparator and device hardware 315 for filteringdata message traffic content sent by a Hacker, a special decision makingsequencer and frame data comparator 315 that works with the SNICmicroprocessor 302 to sequence and to tag the undesired data addressreceived as a threat 315, and sends an interrupt to the Client Deviceprocessor 318 of undesirable hacking threat data received, isolates andquarantines the received data contained in RAM memory 312 to the writeonly memory (WOM) 330 Security Memory Storage (SMS) 330. The clientdevice 318 receives no data. The SNIC 300 receives network coded formatdata bits serially 306 when addressed, reformats the data bits intobinary bits 306 and stores the data bits in a Frame format per IEEE802.Xin the RAM memory interface 312. The SNIC gets the data frame from 312memory, sends it to the comparator buffer 315 and makes a comparison forthreat data or addresses of received frame data to the Input Data Threatlist 321 and upload port SNIC Internal Memory Storage 324 and if athreat is found, frame data 312 is moved to security memory storage(SMS) 330 and the Output Data Status Report 327 is sent a time stamp ofthe threat occurrence, SNIC register threat status (see FIG. 14), and anoptional custom status message can be sent by the SNIC processor tointerrupt the Client device processor 318 to take the status data offbus to the Client device memory to be processed for programming displayto an Operator screen 318. The Client Device 318 responds to thereceived data message 312 and sends a response framed message ofparallel or serial binary data bits (bus dependent) to the NIC Memory312 which outputs the binary reformatted serial data as serial Tx data306. Successive frames of data bits follow to create a package of framesand when complete, the SNIC 301 and NIC 306 return to idle until thenext time the NIC 306 is addressed or interrupt activated. The NetworkOperator receives a status report 327 of the threat incident from theSNIC processor 302 and SNIC Security sequencer processor 315 in the formof number of threats (count), timestamp, type of threat, IP information327. The processor 302 is instructed by the custom operating and appssoftware at location 303 which has programmed AI and threat learningcapabilities. The processor 302 is instructed by the custom operatingand apps software at location 303 from redundant incidents and learnedexperiences. If no malware is found by the SNIC SecuritySequencer/Comparator process 315, the message data content and headerframes are transmitted from the Memory Interface 312 to Client devicememory 318 by the SNIC processor 302 interrupt routine for end of frameoccurrence as a normal message data content traffic handshake.

FIG. 4 400 is an illustrated block diagram of a Security NIC (SNIC) RFWIFI Interface Circuit 405 comprised of embedded SNIC embodiment 401, atypical WIFI RF transceiver 440, A Client Device interface 418, an inputdata threat list upload port 421 and SNIC internal memory storage 424,an output data report port 427 used to output a status report asdirected by the SNIC processor 402. The SNIC embodiment circuit 401 isconnected to the Transceiver 440 by a shared serial bus between RFmemory 440 and the SNIC embodiment memory interface 412 to the clientdevice 418 bus lines. The SNIC embodiment 401 microprocessor 402 runs oncustom firmware microcode code 403 and custom AI software program 403, asequencer and comparator and device hardware 415 is used for filteringdata message traffic content from 440 to 412 to 415 received from aHacker 400, if the received data is discovered as undesirable will movefrom 412 memory to the security memory storage (SMS) 430 for isolationand quarantine. The client device 418 receives no data if the datamessage content is undesirable as determined by the SNIC embodiment 401.The SNIC Interface circuit 405 receives wireless coded data serially 440when addressed, reformats the data bits into binary bits 440 and storesthe data bits in a Frame format 440 interrupts the SNIC processor 402which moves the memory 440 content to SNIC memory interface 412. TheSNIC processor 402 gets the data frame from 412 memory, sends it to thecomparator buffer 415 and makes a comparison for threat data oraddresses of received frame data to the Input Data Threat list upload424 and if a threat is found, frame data 412 is moved to security memorystorage (SMS) 430, then a special decision making sequencer and framedata comparator 415 works with the SNIC microprocessor 402 to sequenceand to tag the undesired data address received as a threat 415. OutputData Status Report 427 is sent a time stamp of the threat occurrence andregister threat status (see FIG. 14), A status message can optionally besent by the SNIC processor 402 to interrupt the Client device processor418 to take the status data off bus to the Client Device memory 418 tobe processed for programming display to an Operator screen 418. TheClient Device 418 responds to the received data message 412 and sends aresponse framed message of parallel binary data bits to the NIC Memory412 which outputs the binary data as RF serial Tx data 440. Successiveframes of data bits follow to create a package of frames and when End ofFrame (EOF) occurs, the SNIC embodiment 401 processor 402 andTransceiver 440 return to idle until the next time the SNIC embodimentis addressed or interrupt activated. The Network Operator 427 receives astatus report of the threat incident from the SNIC processor 402 andSNIC Security sequencer/comparator process 415 in the form of number ofthreats (count), timestamp, type of threat, IP information. The SNICmicroprocessor 402 is instructed by the custom operating and appssoftware at location 403 which has programmed AI and learningcapabilities. The processor 402 is instructed by the custom operatingand apps software at location 403 from redundant incidents and learnedexperiences. If no malware is found by the SNIC SecuritySequencer/Comparator process 415, the message data content and headerframes are transmitted from the Memory Interface 412 to Client devicememory 418 by the SNIC processor 402 interrupt routine for end of frameoccurrence as a normal message data content traffic handshake.

FIG. 5 500 is an illustrated block diagram of a security SNICSequencer/Comparator Process 501 with supervised upload data 528containing the threat data list 510. The known threat data is formatted510 to look like the frame architecture as defined by ethernetspecification IEEE 802.X for Ethernet transmission protocol or RFprotocol and entered through the Upload Threat Port 528 by the Operator528. The Boot load Prom 503 initializes the SNIC processor 504 registers522, 524, 525, 526, memory Ram 506, 507, 508, 509 and 520. when power onoccurs. The Boot Load code is used to set the health of the SNICprocessor 504 to enable the NIC 502 to look for preamble and addresscoded data from the ethernet cable transmission connection 502 or RFconverted digital data. The SNIC processor 504 is instructed by thecustom operating and apps software at location 504 and Program Memory530 when the NIC receives a frame of data or upon an interrupt from anembodiment device 505 or SNIC Sequencer Threat Type Register bitindicator settings 524 are set, the data is detected as malware andneeds to be dumped to the SMS 520. When this happens, no data can go tothe Device Memory 500 providing safe and secure Device Memory fromattack. The NIC 502 or RF transceiver 502 receives a start bit andpreamble code to sync the clock for data entry, stores the frame dataand interrupts the processor 504 to move the frame data from 502 to RAMmemory 506. The sequencer moves the data frame to RAM 507, 508, 509where the data is compared 505 for type of threat. If the threat is oneof a type and which compares as a threat identified by the Uploadedthreat list 510, Management Register Bit 1 is set 525, a Status RegisterBit is set 522 and the process for threat response begins. The entirethreat data message is removed from the memory 506, 507, 508, 509 andsent to write only memory security memory storage (SMS) device 520 andthe SNIC program sequencer 504 removes the hold on the processor 501 toprocess the next data frame. The four control registers 522, 524, 525,526 are used by the microcode AI program to vector the necessary processoperations in which to actively respond to a Hackers intrusion. The fourcontrol registers contents 522, 534, 525, 526 are copied to the OutputStatus Report 527 and I/O interface port 521. The formatted response tothe Hacker is converted by the NIC I/O formatter 502 and transmitted 502Tx Ethernet to the Network cable or wireless in the case of an antennaRF interface 502. If the comparison is a no fault found process 505, theSNIC processor 504 moves the received frame data 506-509 to the Clientdevice memory 500 via interrupt control line. The process is the samefor a WIFI interface embodiment 503 if interfaced with the SNICprocessor 504. The Network Operator 527 receives threat data statusgenerated from the result of the comparison process from the I/OInterface circuit 521 for each processed network frame of data. Theprocessor 502 is instructed by the custom operating and apps software atlocation 514 which has programmed AI and learning capabilities. The SNICprocessor 504 is instructed by the custom operating and apps software atlocation 514 from redundant incidents and learned experiences.

FIG. 6 600 is a block diagram of a security SNIC ProcessorSequencer/Comparator Functional View 600 and SNIC embodiment 601electronic circuit device comprising buffer memory 610 and 612comprising a FIFO and RAM buffers coupled to the Client device bus forinterrupt processing and movement of the frame data 610 or 612 forstorage when ready as determined by the SNIC processor 604 and thesequencer comparator 630. The registers 644, 640, and 642 indicator bitsgive the SNIC processor 604 AI intelligence control over the SNICmalware detect processes required to determine type of threat 618, 619,hacker response 632, SNIC Status output report 622, 617, SMS memorystorage 626, and if a match 616 is made by the comparator 630 what spoofresponse 632 is to be sent to the Hacker 620. If a threat is discoveredduring the comparison process 616, a decision is made by the processorAI code to autonomously spoof 632 the Hacker 620 and the spoof responseis sent to the NIC 602 for transmission to the Hacker 600.

The SNIC threat data base is initialized by Operator Input 615 withpreformatted threat data at port Upload Threat 618. This threat data ismoved into RAM storage 619 for later comparison with NIC 602 incomingdata RAM memory 614 as determined by the sequencer SNIC ManagementRegister bit settings 644. If the message frame data 603 is clear ofthreats, the frame data message 603 is moved to Parallel Data Register612 and serial FIFO Register 610, the SNIC processor 604 generates aninterrupt to Client device processor 600 to take the data on the busfrom 610 or 612 to the Client device memory bus dependent Client devicearchitecture.

FIG. 7 700 is a table graph showing a table of bit assignments for theSNIC Management Register 710. This register is used by the SNICmicrocode program to control the synchronizer and comparator circuitsand input output processes by placing hold actions on the processorwhile the sequencer and comparator process for threat handling actionsor responses and for AI coded response. The register is made up of 4bytes for 32 bits wide word. Only the 1^(st) 8 bits are fixed forprogram call to subroutine software instructions. The remaining bits,8-31 are reserved for architecture security technique growth, learnedresponses to Hackers and upgrades to the software.

FIG. 8 800 is a table graph showing a table of bit assignments for theSNIC Sequencer Threat Type Register 810. This register is used by theSNIC microcode to control the comparison process by identifying threattypes and placing hold actions on the SNIC processor while the sequencerand comparator process to identify threat types for AI coded response toa Hacker. The decisions made by the AI program are based on theindicators action to threat type and policy of SNIC response to hackerattempt to enter the client device memory. The register is made up of 4bytes for 32 bits wide word. Only the 1^(st) 8 bits are fixed forprogram call to subroutine software instructions. The remaining bits,8-31 are reserved for architecture security technique growth, learnedresponses to Hackers and upgrades to the software.

FIG. 9 900 is a table graph showing a table of bit assignments for theSNIC Sequencer/Comparator Status Register 910. This register is used bythe SNIC micro code to control the comparison by placing hold actions onthe processor while the sequencer and comparator process to identifythreat type and for AI coded response. The busy not busy indicators bits0, 1, 2, 3 allow the AI microcode program to determine when to move thedata from one process circuit to another. The bits 3, 4 allow themicrocode program to know when a transfer of data is completed. Theregister is made up of 4 bytes for 32 bits wide word. Only the 1^(st) 8bits are fixed for program call to subroutine software instructions. Theremaining bits, 8-31 are reserved for architecture security techniquegrowth, learned responses to Hackers and upgrades to the software.

FIG. 10 1000 is a table graph showing a table of bit assignments for theSecurity NIC Interrupt Register 1010. This register is used by the SNICAI microcode program to control the Network input message data movementby placing hold actions on the processor while the sequencer andcomparator process to identify threat type for AI coded response. Thesebits represent an IRQ control hardwired program address to call asubroutine routine the AI microcode will vector to when enabled. The 32bits of interrupt address at the microcode level gives the programflexible coding structure to control the flow of the data sequences andknow where the message fame data is in its processes from start tofinish. If the message is discovered to have undesirable contents, bit 6is set to enable a dump of SNIC memory to the security memory storage(SMS). If the message data contained in memory content is acceptable,then all register bits are re-set and the processor sends an interruptto the client device to take the content of the SNIC memory off thecommon interface bus. The 32 bits of interrupt addressing 1010 are usedby the source programmer to achieve artificial intelligent (AI) methodsfor the decisions making of receiving data, processing the data, andsending the data via the bus to the target destinations. methods andprocesses. The register is made up of 4 bytes for 32 bits wide word.Only the 1^(st) 8 bits are fixed for program call to subroutine softwareinstructions. The remaining bits, 8-31 reserved for architecturesecurity technique growth, learned responses to Hackers and upgrades tothe software.

FIG. 11 1100 is an illustration of installed Equipment for Network Cableor RF Signal Frame Data Processing and Storage interfacing with the SNIC1108 interface circuit board for IEEE 802.X TCP/IP or IDP type framedata interface processing, which includes an internal onboard SMS memorythreat storage location 1118 used to quarantine message data discoveredto be undesirable. The circuit board contains a typical NIC 1112 networkinterface to SNIC memory 1114 for message input and output and acrossthe common parallel bus 1130. The SNIC CPU 1119 and the SNIC memory 1114control the SNIC embodiment processes of comparison of the threat uploadlist 1110 to know threats from a Hacker. If the message content uponpreprocessing completion is good, the SNIC CPU 1119 sends an interruptto the Client Device CPU 1106 and memory data 1114 is moved over thecommon bus 1130 from SNIC memory 1114 to Client Device Memory 1104located on the Client Device computer Mother Board 1102. The ClientDevice computer CPU 1106 can then display 1105 or react via keyboard1120 to the data entered. If undesirable content in the memory SNIC 1114is found, a status report is generated and sent to the SNIC Status I/OPort Device 1115 and the received data is dumped to the SMS 1118.TheClient memory device 1104 is never bridged or receives any data memory,the Hacker is spoofed off to an IP destination where the Hacker thinkshe got in, but the connection times out.

FIG. 12 1200 is an illustration of installed WIFI RF Signal Mobile PhoneFrame Data Processing with a SNIC IC phone computer device 1205interfacing with the SNIC IC interface circuit 1208 for frame datainterface processing, which includes an internal SNIC embodiment memorythreat storage location 1218 used to quarantine message data discoveredto be undesirable. The phone computer device 1202 contains a typical RFWIFI Antenna Transceiver 1212 virtual network interface controller (VNICor WNIC) to RF station for RF message input and output 1200. The SNICCPU 1219 and the SNIC memory 1214 control the embodiment processes ofcomparison of the threat upload list 1210 to antenna traffic framepacket data 1200. If the received serial digitized message content afterpreprocessing completion is good, the SNIC CPU 1219 sends an interruptto the Client Device computer CPU 1206 and memory data 1214 is movedover the common serial bus 1230 from SNIC memory 1214 to Client DeviceMemory 1204 located on the Client Device computer Mother Board 1202. TheClient Device computer CPU 1206 can then display 1205 or react viakeyboard 1220 to the data entered. If undesirable content in the SNICmemory 1214 by the SNIC embodiment comparator circuit 1208 is found, astatus report is generated and sent to the SNIC Status I/O Port Device1215 and the received data is dumped to the SMS 1218.The Client memorydevice 1204 is never bridged or receives any data memory, the Hacker isspoofed off to an IP destination where the Hacker thinks he got in, butthe connection times out.

FIG. 13 1300 is an illustration of the Output Status Report formatlisting SNIC Management Register bit configuration, SNIC SequencerThreat Type Register bit configuration, SNIC Sequencer/Comparator StatusRegister bit configuration and SNIC Interrupt register bit configuration1310 at the time of SNIC Comparator discovery of malware or undesirabledata IP; also comprising the report is the SNIC CPU Time and Dateregister contents 1315 at the time of SNIC Comparator discovery ofmalware or undesirable data IP and received Hacker frame header data ofthe Source Port IP and the Destination port IP addresses 1320. Thisstatus report enables the Network Operator to know immediately who theHacker is and begin an analysis on the attacker. The meantime the SNICselects a spoof algorithm and dumps the Hacker message data to the SMSfor isolation and quarantine to provide security of the client memory.

FIG. 14 1400 is an illustration of the UploadThreat/Priority/Authorization List format comprising a listing of HackerID (IP) and Destination, Authorized ID (IP) and Destination, HackerPriority ID and Destination and Authorized Priority ID and Destination.This information data is made up by the Network or Client DeviceOperator for upload to the SNIC embodiment Operator Threat Upload memory510. This data entry upload is used by the SNIC sequencer and comparatorto filter the message data as received by the SNIC memory 1114 from thesource sender to look for a match during frame preprocessing.

What is claimed is:
 1. The Security Network Interface Controller (SNIC)comprised of electronic circuit components, utilizes a typical NetworkInterface Controller (NIC) or RF Wireless Network Interface Controller(WNIC) connected to a collocated SNIC embodiment containing a processorand program memory, connected to a SNIC embodiment start up PROM forinitialization of the SNIC embodiment components, connected to a SNICembodiment Random Access Memory (RAM) buffer memory common to a Clientbuss, connected to a SNIC embodiment flash memory that stores thesoftware security program, connected to a SNIC embodiment uploadinterface port and memory to store threat data lists and authorized datalists, connected to a SNIC embodiment threat status memory storage (SMS)as write only memory (WOM) component to capture isolate and quarantineHacker malware that could have optional forensic analysis and retrieval,connected to a SNIC embodiment set of register indicators for CPU AIprogram vectoring, connected to a SNIC embodiment output port forreporting Hacker frame header data content by generating SNIC embodimentregister status, time stamp and Hacker attempt counts, connected to aunique SNIC embodiment sequencer/comparator to filter incoming data formalware, connected to a SNIC embodiment autonomous action spoofingHacker response circuit are the hardware/software invention componentfeatures of the SNIC embodiment circuit to accomplish preprocessing andgatekeeper methods and processes of network message data integrity,cyber data security, Hacker deception for data traffic to and from aClient device memory and to prevent all known hacker attempts to bridgeentry of a targeted network device memory or product device memory orClient device memory from contamination of the data contents or fromaccessing data from the above device memories that utilize IEEE 802.Xprotocols for data transmission interactive connections. (See FIGS. 1,2)
 2. The SNIC embodiment electronic circuit device embodiment definedin claim 1 wherein the startup program read only memory (PROM) circuitdevice will be initialized for the device interface comprising of eventscast for the environment in which it is installed in, that may be toinclude but is not limited to, wired or wireless interfaces or mountedplatforms (See FIG. 5).
 3. The SNIC embodiment electronic circuit devicedefined in claim 1 incorporates an AI sequencer/comparator decisionmaking circuit that is a microprocessor driven software program thatpreprocesses and filters the incoming digitized data located between theNIC or VNIC or WNIC output and the Client Device Memory, automates thethreat response and acknowledges handshaking with the threat sender withcyber defensive maneuvers and autonomous responses to a hacker frompreprocessed message data content analytics and issues a spoof responseto the Hacker when malware is discovered during the filtering process,but allows data through put to the Client device memory if no malware orHacker threats are found and authorized (See FIGS. 3 and 4).
 4. The SNICembodiment electronic circuit device defined in claim 1 operates withmultiple communication protocols but not limited to: Ethernet NIC, RFwireless telecommunications WNIC, custom application security softwareenabled with Artificial Intelligence (AI) for decision making responsesto make the Hacker think entry of the device memory was bridged orobtained but in reality the Hacker was denied the targeted device memoryby deception and spoofing AI algorithms, and custom user threat reportlog generation tailored to user capability and Hacker learningalgorithms custom for the SNIC data sequencer program (See FIGS. 5, 6).5. The SNIC embodiment electronic circuit device defined in claim 1incorporates a protocol data frame search for threat content andexecutable software data code, to tag frames with a Management Registeralarm bit if bad content data is discovered, to flag frames that havetargeted words on incoming messages or threats designated for Clientdevice memory, and set indicators that can be used to generate a statusreport of flagged data for display on the Network administrators displayscreen or client screen or printers, but not allowing the message dataor data content to go into the targeted device memory of the addressedclient device memory (See FIGS. 5, 6).
 6. The SNIC electronic circuitdevice defined in claim 1 and claim 5 method and process claim is thatif there are no threat contents in the message and the sender IP isrecognized as authorized, then message data will be allowed to processas normal to the device memory and a status report output will show averification of throughput to Client Device Memory (See FIGS. 3, 4, 5,11, 12).
 7. The SNIC embodiment electronic circuit device defined inclaim 1 incorporates an input upload port and memory storage for a listof known Hacker ID and destination address information, known Authorizeduser ID and destination address and formatted in a priority sequence foreach Hacker or Authorized user such that the SNIC sequencer andcomparator circuits can filter the incoming data content for malware ordangerous threats to the Client device equipment or to the Client devicememory(see FIG. 6).
 8. The process and method of claim 7, wherein anauthorization list further comprising priority of identification (ID)and destination IP address data code is uploaded to the SNIC embodimentInput Memory and whose content data will be compared to incoming framedata for validation to gain access to the Client Device Memory and iffound to be a no match shall not be allowed to gain access to the ClientDevice Memory.
 9. The process and method of claim 1, wherein a specificadvantage of using a SNIC embodiment invention is that access to anySNIC embodiment connected Device Memory on a bus controlled by a DeviceCPU will have preprocessed, filtered and gatekeeper processes at theport of entry NIC or WNIC location which allows only validated data topass to the Device Memory rather than from a software firewall (such asWireshark or Norton) which are resident in the Device Memory andimmediately bridged by a hacker because the Hacker data has to be in theDevice Memory for these products to work.
 10. The SNIC electroniccircuit device defined in claim 1 negates the need for the Client deviceto have a need for a resident memory security firewall software programand this post interface processing task is now resident on the SNICflash memory storage device in a unique algorithm for preprocessing andfiltering methods and processes within custom embedded architecture andwith Hacker response capability to preprocess and filter the messagedata to prevent the Client device memory from breach or contamination ofdata by the Hacker (See FIGS. 5 and 6).
 11. The SNIC electronic circuitdevice defined in claim 1 will replace all typical nonsecure NICinterfaces with either a dongle box SNIC embodiment when a NIC motherboard is involved or a drop in SNIC circuit board replacement for a homecomputer such as a PCI circuit board or as in the case of a portabledevice such as an I-Phone, Tablet, Laptop, shall be made to fit with theNIC or RF as an additional integrated circuit micro miniaturizedcollocated component to form a SNIC interface embodiment, the uniqueinvention method and utility of memory security process being the samebut not limited to fir (See FIGS. 2, 11, 12).
 12. The SNIC embodimentelectronic circuit device defined in claim 1, will defeat all knownmethods of hackers attempts to gain entry into a targeted device memoryand adapt from learned experiences how to defeat future forms andmethods of hack entry attacks while outputting a status report of suchan occurrence and if an undesired occurrence by a Hacker is attempted,all message data will be dumped to a Secure Memory Storage (SMS) deviceas contaminated data for quarantine and isolation from the bus datatraffic to the destination targeted Client device memory whilepreventing access to the device memory bus (See FIG. 5 520).
 13. Theprocess and method of claim 1 and claim 12, wherein a multiple ofspecific advantages of using a SNIC embodiment invention is that itdoesn't give any feedback to the hacker while intelligence is gather onthe Hacker, it has an embodiment memory isolation trap SMS where allharmful data is sent and quarantined, it spoofs the hacker and keepsthem in the dark to its presence, it will learn and adapt to present andfuture attacks, it brings security to the beginning of the messageprocess, and it can fit in any network device.
 14. The process andmethod of claim 1 and claim 13, wherein a SNIC containing a typical NICor WNIC can be architecturally sized for the environment such as aLaptop Computer requiring a dongle attachment to acquire the SNICembodiment invention when a mother board containing an onboard NICcannot be back fitted and security for the device memory is needed.